Mobile banking users in Brazil were affected after they accidentally downloaded Android-based malware that took control of their devices and stole their personal data. Around 2000 people were affected by this malware.
Cybercriminals were distributing the Android.BankBot.495.origin trojan on Google Play under the guise of apps that supposedly permitted WhatsApp monitoring on Android-based devices.
When the app is launched, the malware tries to obtain access to Android accessibility features, which in turn allows it to run in the background, tap buttons and steal the contents of active application windows.
The security analysts examined how the malware behaves with some of Brazil’s largest banks. According to the reports, while interacting with Bradesco, the second-largest private bank in Brazil, the trojan would read the victim’s account information and automatically log in to the account by entering the PIN code received from the command and control server.
The trojan Android.BankBot.495.origin would then get access to users’ account balances along with other private banking data, which would then be transferred to the cybercriminals.
Bradesco confirmed that the transactional environment of the bank is safe and that operations can only be performed by using a mobile token.
The security analysts pointed out that the Android-based malware is also used to perform phishing attacks against other applications, including Uber, Netflix and Twitter.
When launched, the trojan displays an overlay window with a fraudulent web page simulating the attacked app, loaded from the second command and control server. This persuades the user to enter confidential data.